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ABSTRACT 



A system and method of managing multiple users of an open 
metering system, wherein the users have different access 
privileges, includes the steps of providing a user password 
system for vault access; programing the vault with a plu- 
rality of transition states operatively relating to the user 
password system; assigning vault functional access to each 
user password first entered into the user password system; 
and performing a requested vault function when an entered 
user password under which the request is made has been 
assigned vault functional access far the requested vault 
function. The vault is manufactured in a first state in which 
the user password system is not activated and the activates 
the user password system upon entry of an initial user 
password which changes the vault to a second state that 
accepts requests for vault functions. The vault is changed to 
a third state from the second state wherein the user password 
system remains activated but another user password must be 
entered before a further request far a vault function is 
accepted. The requested vault function is rejected when the 
entered user password under which the request is made has 
not been assigned vault functional access for the requested 
vault function. 

10 Claims, 5 Drawing Sheets 
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SYSTEM AND METHOD FOR MANAGING postage payment The Postal Data may be printed both in 

MULTIPLE USERS WITH DIFFERENT encrypted and unencrypted form in the postal revenue block. 

PRIVILEGES IN AN OPEN METERING Postal Data serves as an Input to a Digital Token Transfor- 

SYSTEM mation which is a cryptographic transformation computation 

5 that utilizes a secret key to produce digital tokens. Results of 

FIELD OF THE INVENTION mc Digital Token Transformation, i.e., digital tokens, are 

available only after completion of the Accounting Process, 

The present invention relates to advanced postage pay- Digital tokens are utilized in both open and closed meter- 

ment systems and, more particularly, to advanced postage ing systcms . However, for open metering systems, the 

payment systems having pre-computed postage payment 1Q non _de<ucated printer may be used to print other information 

information. £ n addition to the postal revenue block and may be used in 

mt atttti ATOi ic* ATTfYWQ activity other than postage evidencing. In an open system 

RELAI ED Ar rxiCAi lUrt > ped, addressee information is included in the Postal Data 

The present arjplication is related to the following U.S. which is used in the generation of the digital tokens. Such 

patent applications Ser. Nos. 08/575,106 (now U.S. Pat. No. 15 use of the addressee information creates a secure link 

5,625.694); 08/575,107; 08/574,476; 08/575,110; 08/574, between the mailpiece and the postal revenue block and 

743; 08/575,112; 08/575,109; 08/575,104; 08/574,749 (now allows unambiguous authentication of the mall piece. 

U.S. Pat No. 5,590,198); 08/575,111, each filed concur- Conventional postage meters are equipped with a physical 

rently herewith, and assigned to the assignee of the present key or some type of mechanical or electronic access, such as 

invention. 20 a smart card, to protect the meter from unauthorized access 

to the meter. In closed metering systems, such as disclosed 

BACKGROUND OF THE INVENTION in U.S. Pat Nos, 4,802,218, 5,111,030 and 4,980,542, smart 

, . , cards are used to control meter access for various meter 

Postage metering systems are being developed which to perform adimnistrative functions, such as 

employ digital printers ; to pnnt encrypted iiiformauon on a M accountin ^ of departmental use of a meter. Heretofore, such 

mailpiece. Suchmetenng systems are presently categorized controU ed access provided access for certain functions based 

by the USPS as either closed systems or open systems, ha on the type of smart card inserted into the metering device, 

closed system, the system functionality is solely dedicated to ^ ^ n £ ide use at the typical user leveL 
metering activity. A dosed system metering device includes 

a dedicated printer securely coupled to a metering or 3Q SUMMARY OF THE INVENTION 
accounting function. In a closed system, since the printer is it has been discovered that for an open metering system, 
securely coupled and dedicated to the meter, printing cannot sucn as a PC-based metering system that comprises a PC, a 
take place without accounting. In an open metering system pj U g _in peripheral as a vault to store postage funds and a 
the system functionality is not dedicated solely to metering non-secure and non-dedicated printer, it is not practical to 
activity. An open system metering device includes a printer 35 install a physical key because the vault is a small, 
that is not dedicated to the metering activity, thus freeing removable, electronic device void of medianicalparts.lt has 
system functionality for multiple and diverse uses in addi- been further discovered that a password system of the vault 
tion to the metering activity. An open system metering can protect the vault from illegal or unauthorized access, 
device is a postage evidencing device (PED) with a non- The present invention provides a method of managing 
dedicated printer that is not securely coupled to a secure 4Q multiple users of the PC-based metering system through a 
accounting module. & user password system. The method provides password con- 
Typically, the postage value for a mailpiece is encrypted trolled access to the PC-based metering system wherein the 
together with other data to generate a digital token which is use associated with each user password can be customized 
then used to generate a postage indicia that is printed on the for restricted access to various functions of the metering 
mailpiece. A digital token is encrypted information that 45 system. 

authenticates the information imprinted on a mailpiece The PC-based metering system operates in one of four 

including postal value. Examples of systems for generating modes: normal user mode, privileged mode, manufacturing 

and using digital tokens are described in U.S. Pat. Nos. mode and inspection mode. To enter each mode, a mode 

4,757.537, 4.831.555, 4,775,246, 4,873,645 and 4,725,718, password assigned to such mode must be entered through 

the entire disclosures of which are hereby incorporated by 50 the user interface of the PC. The present invention provides 

reference. These systems employ an encryption algorithm to security management of multiple users with different privi- 

encrypt selected information to generate at least one digital leges that access the different functionality's of the 

token for each mailpiece. The encryption of the information PC-based open metering system in user mode. For example, 

provides security to prevent altering of the printed informa- once activated the user password system requires a valid 

tion in a manner such that any misuse of the tokens is 55 user password to be entered before the vault can be accessed, 

detectable by appropriate verification procedures. Once a user password is entered, the features or functions of 

TVpical information which may be encrypted as part of a the metering system available to the user depends on what 

digital token includes origination postal code, vendor functions/features were customized as being accessible for 

identification, data identifying the PED, piece count, postage the entered user password. Examples of such user fu notions/ 

amount, date, and, for an open system, destination postal 60 features that are customized to a user password are: vault 

code. These items of information, collectively referred to as refill, network meter access, maximum postage amount, 

Postal Data, when encrypted with a secret key and printed on destination address limitations, diagnostic and inspection 

a mail piece provide a very high level of security which report access, and departmental accounting reports via a 

enables the detection of any attempted modification of a local open metering system or a networked open metering 

postal revenue block or a destination postal code. A postal 65 system. 

revenue block is an image printed on a mall piece that In accordance with the present invention, a method of 
includes the digital token used to provide evidence of managing multiple users of an open metering system. 
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wherein each of the users have different access privileges, FIG. 8 is a block diagram of a network-based open 

includes programming a vault with a plurality of operational metering system in which the present invention operates, 

modes, such as manufacturing mode, normal mode, service 

mode and privileged mode, and assigning a hierarchy to DETAILED DESCRIPTION OF THE PRESENT 

each mode. Each of the modes is assigned with a user 5 INVENTION 

password that is required to operate the vault in the respec- _ . . ^ x . . . 

tive mode. Each user of the vault is provided with one or ^ describing foe present invention, reference u made to 

more passwords corresponding to the access level assigned ^ Swings, wherein there is seen in FIGS. 1-3 an open 

to the user. When the vault becomes operational a normal system PC-based postage meter, also referred to herein as a 

mode password is required to place the vault in normal PC meter system, generally referred to as 10, in which the 

mode. Once operational whenever a command is received present invention provides a user password system that 

by the vault for a function corresponding to the manufac- controls user access. PC meter system 10 includes a con- 

turing mode, the service mode or the privileged mode the ventional personal computer configured to operate as a host 

command must be accompanied by a respective user pass- to a removable metering device or electronic vault, generally 

word. The idle time of the vault is continuously monitored referred to as 20, in which postage funds are stored. PC 

so that the vault can be placed in a non-operational state if 15 meter system 10 uses the personal computer and its printer 

the continuous idle time exceeds an idle time limit. The to print postage on envelopes at the same time it prints a 

method of the present invention provides security that recipient's address or to print labels for pre-addressed return 

prevents tampering and false evidence of postage payment envelopes. It will be understood that although the preferred 

and provides the ability to do batch processing of digital embodiment of the present invention is described with 

tokens. 20 regard to a postage metering system, the present invention is 

A system and method of managing multiple users of an applicable to any-yalue metering system that includes a 

open metering system, wherein the users have different transaction evidencing. 

access privileges, includes the steps of providing a user As used herein, the term personal computer is used 

password system for vault access; programming the vault 25 genetically and refers to present and future microprocessing 

with a plurality of transition states operatively relating to the systems with at least one processor operatively coupled to 

user password system; assigning vault functional access to user interface means, such as a display and keyboard, and 

each user password first entered into the user password storage media. The personal computer may be a workstation 

system; and performing a requested vault function when an that is accessible by more than one user. Before describing 

entered user password under which the request is made has 30 the present invention a brief description of the PC-based 

been assigned vault functional access for the requested vault postage meter 10 is provided. 

function. The vault is manufactured in a first state in which The PC-based postage meter 10 includes a personal 

the user password system is not activated and then activates computer (PC) 12, a display 14, a keyboard 16, and an 

the user password system upon entry of an initial user non-secured digital printer 18, preferably a laser or ink-jet 

password which changes the vault to a second state that 35 printer. PC 12 includes a conventional processor 22, such as 

accepts requests for vault functions. The vault is changed to the 80486 and Pentium processors manufactured by Intel, 

a third state from the second state wherein the user password and conventional hard drive 24, floppy drive(s) 26, and 

system remains activated but another user pas sword must be memory 28. Electronic vault 20, which is housed in a 

entered before a further request for a vault function is removable card, such as PCMCIA card 30, is a secure 

accepted. The requested vault function is rejected when the encryption device for postage funds management, digital 

entered user password under which the request is made has token generation and traditional accounting functions. PC 

not been assigned vault functional access for the requested meter system 10 may also include an optional modem 29 

vault function. which is located preferably in PC 12. Modem 29 may be 

DESCRIPTION OF THE DRAWINGS used for communicating with a Postal Service or a postal 

m J ^, JJ rt A * authenticating vendor for recharging funds (debit or credit). 

TTieabove andother objects and advantages of the present ^ ^ embodiment me modem ^ be located in 

invention will be apparent upon consideration of the fol- PCMCIA card 30 

lowing detailed description, taken in conjunction with 4 ' lfl , JL . , . _ 7 . , , 

accompanying drawings, in which like reference characters PC meter system lOfuitoex includes a Wmdows-basedPC 

refer to like £rtt throughout and in which: softwar ° ""f^. 3 * <™f • 4 > ** 18 ac . cessl ^ * om 

i - i j. r ^ . . . . 50 conventional Windows-based word processing, database 

FIG. 1 is a block diagram of a PC-based metering system ^ ^ applic ation programs 36. PC software mod- 

inwhich .the present invention operates; ule' 34includes a vault dynamic link library (DLL) 40, a user 

FIG. 2 is a schematic block diagram of the PC-based i nter face module 42, and a plurality of sub-modules that 

metering system of HG. 1 including a removable vault card COfltrol ^ metering functions. DLL module 40 securely 

and a DLL in the PC; 55 communicates with vault 20 and provides an open interface 

FIG. 3 is a schematic block diagram of the DLL in the t0 Microsoft Windows-based application programs 36 

PC-based metering system of FIG. 1 including interaction through user interface module 42. DLL module 40 also 

with the vault to issue and store digital tokens; securely stores an Indicia image and a copy of the usage of 

FIG. 4 is a block diagram of the DLL sub-modules in the postal funds of the vault User interface module 42 provides 

PC-based metering system of FIG. 1; go application programs 36 access to an electronic indicia 

FIG. 5 is a flow diagram of vault mode transitions in the image from DLL module 40 for printing the postal revenue 

PC-based metering system of HG. 1; block on a document, such as an envelope or label. User 

FIG. 6 is a flow diagram of state transitions for the vault interface module 42 also provides application programs the 

password system in accordance with the present invention; capability to initiate remote refills and to perform adminis- 

FTG. 7 is a flow chart for managing multiple users with 65 Native functions, 

different privileges for a PC-based metering system in PC-based meter system 10 operates as a conventional 

accordance with the present invention; and personal computer with attached printer that becomes a 
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postage meter upon user request Printer 18 prints all docu- Referring now to FIG. 5, vault 20 has four security access 

ments normally printed by a personal computer, including levels: normal mode 60, service mode 62, privileged mode 

printing letters and addressing envelopes, and in accordance 64 and manufacturing mode 66. In normal mode 60, com- 

with the present invention, prints postage indicia. mands available to users are processed. In service mode 62, 

The vault is housed in a PCMCIA I/O device, or card, 30 5 normal mode commands and service related commands are 

which is accessed through a PCMCIA controller 32 in PC processed. In privilege mode 64, all command except direct 

12. A PCMCIA card is a credit card size peripheral or access to NVM are processed. In manufacturing mode 66, 

adapter that conforms to the standard specification of the all commands are processed. An access level is assigned to 

personal Computer Memory Card International Association. every command that is processed by the vault. Passwords are 

Referring now to FIGS. 2 and 3, the PCMCIA card 30 1Q assigned to the various access levels. For example, to enter 

includes a microprocessor 44, redundant non-volatile service mode fa from the normal mode 60, a service 

memory (NVM) 46, clock 48, an encryption module 50 and password is required. Another password is required to enter 

an accounting module 52 The vault includes an interface 56 prigged mode 64. Thus, two passwords, service and 

t^co^umcates with the host processor 22 through privilcgedi must bc entered to acccss privileged mode 64. 

PCMCIA control -32 The 15 Mvileged mode 64 cannot be accessed from normal mode 

implement the NBS Data Encryption Standard (DBS) or " , n 6 , . . , ~ 

another suitable encryption scheme. In the preferred 60 or manuf acturmg mode 66. 

embodiment, encryption module 50 is a software module. It ™ QR a 'blank* va ult is manufactured, a manufacturing 
will be understood that encryption module 50 could also be vendor puts vault 20 in manufacturing mode 66 to program 
a separate device, such as a separate chip connected to ^ c NVM 46 of PCMCIA card 30. NVM 46 is programmed 
microprocessor 44. Accounting module 52 may be 20 with encryption, accounting, funds management and other 
EEPROM that incorporates ascending and descending reg- vault software modules. Then the vendor locks a serial 
isters as well as postal data, such as origination ZIP Code, number in NVM 46, prohibiting any unauthorized access to 
vendor identification, data identifying the PC-based postage NVM 46, before delivering PCMCIA card 30 to a user. The 
meter 10, sequential piece count of the postal revenue block vendor programs vault 20 to default to normal mode 60 
generated by the PC-based postage meter 10, postage 25 whenever power is applied, A manufacturing mode pass- 
amount and the date of submission to the Postal Service. As word is required, i.e. vault 20 must be in manufacturing 
is known, an ascending register in a metering unit records mo de, to unlock the serial number in vault 20. 
the amount of postage that has been dispensed, Le., issued by 

the vault, in all transactions and the descending register User Password System 

records the value, i.e., amount of postage, remaining in the 30 In accordance with the present invention, a user password 

metering unit, which value decreases as postage is issued. system of the vault is designed to protect the user postal 

The functionality of DLL 40 is a key component of funds while allowing multiple users to have access to 

PC-base meter 10. DLL 40 includes both executable code PC-base metering system 10. The vault allows each of the 

and data storage area 41 that is resident in hard drive 24 of multiple users to activate the password system, to log into 

PC 12. In a Windows environment, a vast majority of 35 the vault, to request indicia and to log out from the vault 

applications programs 36. such as word processing and Other functions of PC-based metering system 10, such as 

spreadsheet programs, communicate with one another using obtaining accounting summaries, authorizing new users to 

one or more dynamic link- libraries. PC-base meter 10 enter passwords, and refilling the vault, require a higher 

encapsulates all the processes involved in metering, and level access. 

provides an open interface to vault 20 from all Windows- 40 When the vault is manufactured, it can be operated 

based applications capable of using a dynamic link library. without a user password. The very first entry of a user 

Any application program 36 can communicate with vault password to the vault activates the vault password system, 

microprocessor 44 in PCMCIA card 30 through DLL 40. and this entry is regarded as password entered. Once 

DLL 40 includes the following software sub-modules. activated, the vault will ask for a user to enter a valid 

Secure communications sub-module 80 controls communi- 45 password at each log in. The vault functions available to a 

cations between PC 12 and vault 20. Transaction captures user depends on access level of the entered user password, 

sub-module 82 stores transaction records in PC 12. Secure Only a user having an active user password can change 

indicia image creation and storage sub-module 84 generates the user password. After a period of time, the vault may 

an indicia bitmap image and stores the image far subsequent require a user to change the current password. If the vault is 

printing. Application interface sub-module 86 interfaces 50 idle for a prefetermined amount of time, the vault may log 

with nonmetering application programs and issues requests out automatically which requires the next use of the vault to 

for digital tokens in response to requests for indicia by the be preceded by a valid user password entry. Preferably, a 

non-metering application programs. Detailed descriptions of valid password is any combination of 4 to 10 alphanumeric 

PC meter system 10, including the processing of the various characters. If a user forgets the password assigned to the 

sub-modules, and the digital token generation process are 55 user. If so, a privileged user must reinitialize the forgetful 

provided in related U.S. patent applications Ser. Nos. user's pass word. When the privileged user forgets the privi- 

[ Attorney Docket E-421] and [Attorney Docket E-416] filed leged . password, the privileged user has the choice of 

concurrently herewith, each of which is incorporated herein requesting a service call to have a service password reini- 

in its entirety by reference. tJalize the privileged password or the privileged user can call 

Since printer 18 is not dedicated to the metering function. 60 the data center to obtain a super password that will deacti- 

issued digital tokens may be requested, calculated and stored vate the user password. The super password is designed for 

in PC 12 for use at a later time when, at a user's discretion, one-time use only. The super password system and method 

corresponding indicia are generated and printed. Such is described in previously noted U.S. patent application Ser. 

delayed printing and batch processing is described in more No. [Attorney Docket No. E-463], which is incorporated 

detail in co-pending U.S. patent application Ser. No. 65 herein by reference. 

[Attorney Docket E-452], which is incorporated herein in its Referring now to FIG. 6, a flow diagram of state transi- 

en tiiery by reference. tions within the vault password system is shown. In accor- 
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dance with the present invention, there are three states for 
the vault password system. SI represents a state wherein the 
password system is not activated This is the state of the 
vault when it is first manufactured and when upon vault 
power-up when the password system has not been activated. 
In this state, the vault can be accessed by any user without 
entering a user password. S2 represents a state wherein the 
user password system has been activated by an initial entry 
of a user password. Once activated, the user password 
system remains in S2 until a user who has an access level 
that can deactivate the user password system deactivates the 
system to state SL Finally, S3 represents a state wherein the 
user password system has been activated but a user pass- 
word is not currently entered. The vault changes from state 
S2 to state S3 whenever the vault is powered down, the vault 
automatically logs off because of excessive idle time, or a 
user logs out of the vault 

In the preferred embodiment of the present invention, the 
user password system runs as a hidden file in DLL in PC 12. 
However* the user password system could run in vault 20 for 20 
a higher level of security. 

Managing Multiple Users 

The present invention provides added security and flex- 
ibility by allowing selective access to the features and 
functions available to users of the PC-based open metering 
system. PC-based postage meter 10 can function as a 
multiple-user device in which multiple users can have 
different access privilege levels to the meter features and 
functions. In the preferred embodiment, a setup routine will 
allow the primary or administrative user of PC-based post- 
age meter 10 to customize individual user passwords for 
access to the different meter features and functions. 

For example, performance of the meter refill function may 
be restricted to the owner of the meter or a user assigned as 
an administrative user. This restriction is a common security 
feature since refilling the meter is spending money. The 
meter owner may also limit the number of users that are 
authorized to perform other functions of the meter, for 
example, changing any of the meter parameters, such as 
postage limit. Such users may share a single password to 
perform certain level(s) of functions or may each be given 
an individual password for added security. PC-based postage 
meter 10 keeps a log, which is stored on hard drive 24, of all 
transactions and logins for further security. 

Access to accounting and account reporting may also be 
restricted. A user must enter the correct password in order to 
access such a restricted function. The present invention also 
provides for sub-levels of user access as a means for limiting 
access to certain information that should not be available to 
all users. For example, some users may be restricted from 
destination addresses of a certain geographical area that 
other users may access. 

Referring now to FIG. 7, the a flow chart for managing 
multiple users with different access privileges is shown. At 
step 100, the vault is in state S3 when the user enters a user 
password. In the preferred embodiment the user password 
entry is combined with a user identification code for further 
security. At step 102, a check is made to determine if the 
entry is a valid user password. If it is, the vault changes state 
to S2 and remains idle, at step 104, until a request made by 
the user is received by vault 20 from PC 12. Examples of the 
possible requests are shown at steps 110-116. At step 120. 
a check is made to determine if the entered user password is 
authorized to perform such request If not the vault returns 
to an idle status at step 104. preferably sending a message to 



the user that the request is not authorized. If authorized, at 
steps 122-128, the requested function is rKrformed. If the 
request at step 116 is for logout, men the user password 
system changes to state S3 and requires a user password at 
step 100. 

Referring now to FIG. 8, a network-based open metering 
system 1 has the same user mode levels of security model as 
the local version PC-based postage meter 10. Different users 
can be given different security levels within the user mode 
in order to access different meter services related to each 
user's use of the metering system. One example of a security 
level is departmental accounting reports to which each user 
may be given access only to the user's department's 
accounting report A more detailed description of the net- 
work metering system 1 is found in the previously note U.S. 
patent application Ser. No. [Attorney Docket No. E-444]. 

As used herein, the term password is used genericaUy and 
refers to present and future methods for authenticating users. 
This may include data a user knows, such as a PIN or 
passphrase; something a user has, such as a magnetic stripe 
card, smart card or diskette; user biometric data, such as a 
fingerprint, voice print or retinal scan; or any combination of 
the above. 

It will be understood that the present invention is not 
25 limited to managing multiple users of an open postage 
metering system. The present invention applies to any 
transaction evidencing system in which a block of informa- 
tion is used to authenticate a document and the information 
is later scanned from the document in the verification 
process. 

While the present invention has been disclosed and 
described with reference to a single embodiment thereof, it 
will be apparent, as noted above that variations and modi- 
fications may be made therein. It is, thus, intended in the 
following claims to cover each variation and modification 
that falls within the true spirit and scope of the present 
invention. 

What is claimed is: 

1. A method of managing multiple users of an open 
metering system, wherein the users have different access 
privileges, the method comprising the steps of: 

providing a user password system for vault access; 
programing the vault with a plurality of transition states 

operatively relating to the user password system; 
assigning vault functional access to each user password 

first entered into the user password system; and 
performing a requested vault function when an entered 
user password under which the request is made has 
been assigned vault functional access for the requested 
vault function. 

2. The method of claim 1, comprising the further steps of: 
manufacturing the vault in a first state in which the user 

password system is not activated; and 
activating the user password system upon entry of an 
initial user password which changes the vault to a 
second state that accepts requests for vault functions. 

3. The method of claim 2, comprising the further step of: 
changing the vault to a third state from the second state 

wherein the user password system remains activated 
but another user password must be entered before a 
further request for a vault function is accepted. 

4. The method of claim 1, comprising the further step of: 
rejecting the requested vault function when the entered 

user password under which the request is made has not 
been assigned vault functional access for the requested 
vault function. 
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5. A transaction evidencing system, comprising 

a personal computer (PC) including processor, memory 
and storage means, said storage, means including at 
least one non-metering application program that is 
selectively run on said PC; 5 

an unsecured printer operatively coupled to said PC for 
printing in accordance with said non-metering applica- 
tion program; 

vault means operatively coupled to said PC said vault 1Q 
means including digital token generation means and 
transaction accounting means, said vault means further 
including a user password system for vault access, said 
vault access including functional access based on an 
entered user password; ^ 

means in said PC for interfacing with said non-metering 
application program, said interfacing means issuing a 
request far at least one digital token in response to a 
request for indicia from said non-metering application 
program, said request for digital token including pre- 20 
determined information required by said token genera- 
tion means; 

means in said PC for communicating with said vault 
means, said communicating means sending said request 
for digital token to said vault means and receiving from 25 
said vault means a digital token generated by said token 
generation means; and 

means in said PC for generating an indicia bitmap from 
said digital token, wherein said interfacing means sends 
said indicia bitmap to said non-metering application 30 
program; 

wherein a requested vault function is performed by the 
vault means when an entered user password under 
which the request is made has been assigned vault 
functional access for the requested vault function. 

6. The transaction evidencing system of claim 5 wherein 
said vault means comprises a portable vault card that is 
removably coupled to said PC, said PC including means for 
removably coupling said vault card to said PC. 

7. The transaction evidencing system of claim 5 wherein 40 
said vault means is manufactured in a first state in which the 
user password system is not activated, said vault means 
activating the user password system upon entry of an initial 
user password which changes the vault to a second state that 
accepts requests for vault functions. 
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8. The transaction evidencing system of claim 7 wherein 
said vault means changes to a third state from the second 
state under certain conditions wherein the user password 
system remains activated but another user password must be 
entered before a further request for a vault function is 
accepted. 

9. The transaction evidencing system of claim 8 wherein 
said certain conditions include excessive vault idle time, 
vault power down and user log-out. 

10. A transaction evidencing system, comprising 

a personal computer (PQ including processor, memory 
and storage means, said storage means including at 
least one non-metering application program that is 
selectively run on said PC; 

an unsecured printer operatively coupled to said PC for 
printing in accordance with said non-metering applica- 
tion program; 

vault means operatively coupled to said PC, said vault 
means including digital token generation means and 
transaction accounting means, said vault means further 
including a user password system for vault access, said 
vault access including functional access based on an 
entered user password; 

means in said PC for interfacing with said non-metering 
application program, said interfacing means issuing a 
request for at least one digital token in response to a 
request for indicia from said non-metering application 
program, said request for digital token including pre- 
determined information required by said token genera- 
tion means; 

means in said PC for communicating with said vault 
means, said communicating means sending said request 
for digital token to said vault means and receiving from 
said vault means a digital token generated by said token 
generation means; and 

means in said PC for generating an indicia bitmap from 
said digital token; 

wherein a requested vault function is performed by the 
vault means when an entered user password under 
which the request is made has been assigned vault 
functional access for the requested vault function. 
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